Login system (error when banned)

0

I have a login system and want to show an ERROR if the user is banned. The column in the table is named "ban": if "ban" equals "0" the user is not banned, and if "ban" equals "1" the user is banned and will not be able to log in.

Code:

<?php
  session_start();

  @$username = $_POST['username'];
  @$password = $_POST['password'];

  if((!$username) || (!$password)) {
    echo "";
  } else {
    $passwordcrip = md5($password);

    // NOTE: $username is interpolated into the query unescaped, and the
    // password is compared as an unsalted md5 digest.
    $sql = mysql_query("SELECT * FROM usr_users WHERE username='{$username}' AND password='{$passwordcrip}'");
    $login_check = mysql_num_rows($sql);

    if($login_check > 0){

      while($row = mysql_fetch_array($sql)){

        // Variable variables: each column of the row becomes a local ($id, $email, ...)
        foreach( $row AS $key => $val ){
          $$key = stripslashes( $val );
        }

          $_SESSION['id'] = $id;
          $_SESSION['username'] = $username;
          $_SESSION['email'] = $email;
          $_SESSION['credits'] = $credits;

          mysql_query("UPDATE usr_users SET ultimo_log = now() WHERE id ='{$id}'");
          header("Location: index.php");
          exit;
      }

    } else {
        echo  "<div class='right' style='background: rgb(173, 2, 2);width: 100%;height: 50px;line-height: 50px;background-repeat: no-repeat;padding-left: 30px;color: white;'>
                Incorrect data, please try again.
              </div>";
    }
  }
?>
asked by anonymous 24.07.2015 / 13:25

2 answers

1

I took the liberty of making some improvements to your script; here are some of them:

Handle errors instead of suppressing them:

$username = (empty($_POST['username']) ? NULL : $_POST['username']);
$password = (empty($_POST['password']) ? NULL : $_POST['password']);

Remove the while, since in theory there is only one row per username:

$row = mysql_fetch_assoc($sql);

Remove the unnecessary loop and use the array indexes:

$_SESSION['id']        =  $row['id'];
$_SESSION['username']  =  $row['username'];
$_SESSION['email']     =  $row['email'];
$_SESSION['credits']   =  $row['credits'];

Full script:

<?php
session_start();

// Suppressing errors is not a good idea, since errors slow the script down;
// it is better to handle them
$username = (empty($_POST['username']) ? NULL : $_POST['username']);
$password = (empty($_POST['password']) ? NULL : $_POST['password']);

$erro = FALSE;

if( !$username || !$password){
  $erro = TRUE;
  $msg = "Username and password must not be blank";
} else {

   $passwordcrip = md5($password);

   // Escape the username before interpolating it into the query
   // (assumes an open mysql_connect() link, as the original does)
   $username_sql = mysql_real_escape_string($username);
   $sql = mysql_query("SELECT * FROM usr_users WHERE username='{$username_sql}'");
   $login_check = mysql_num_rows($sql);

   if($login_check > 0){

      // In theory there is only one user, so no while is needed
      $row = mysql_fetch_assoc($sql);

      // Check the password
      if ($row['password'] != $passwordcrip) {
         $erro = TRUE;
         $msg  = 'Incorrect password.';
      }

      // Check whether the user is banned
      if ($row['ban']){
         $erro = TRUE;
         $msg  = 'Account banned.';
      }

      // If there was no error, proceed
      if (!$erro){
         $_SESSION['id']        =  $row['id'];
         $_SESSION['username']  =  $row['username'];
         $_SESSION['email']     =  $row['email'];
         $_SESSION['credits']   =  $row['credits'];

         // Use the id from the fetched row ($id was never defined here)
         mysql_query("UPDATE usr_users SET ultimo_log = now() WHERE id ='{$row['id']}'");

         header("Location: index.php");
         exit;
      }

   } else {
      $erro = TRUE;
      $msg = "No user found.";
   }

}

if ($erro)
   echo "<div class='right' style='background: rgb(173, 2, 2);width: 100%;height: 50px;line-height: 50px;background-repeat: no-repeat;padding-left: 30px;color: white;'>{$msg}</div>";

?>
24.07.2015 / 13:58
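The structure of the answer above (fetch the single row for the username, then check the password and the ban flag as separate steps) is the right shape. What it still carries over from the question is the string-interpolated query, the unsalted md5 comparison, and the fact that "Account banned." is shown even when the password was wrong, which lets anyone who knows a username find out whether it is banned. The following is an added example, not code from the question or either answer: the same flow on PDO prepared statements and password_hash()/password_verify(), with the ban reported only after the password has verified and the session id regenerated on login. It assumes the question's usr_users table with columns id, username, password, email, credits, ban and ultimo_log (ban = 1 meaning banned); the DSN, database user and database password are placeholders.

```php
<?php
declare(strict_types=1);
// Added example (not from the question or either answer). Assumed schema:
// usr_users(id, username, password, email, credits, ban, ultimo_log), ban = 1 banned.

session_start();

function db(): PDO
{
    // Placeholder DSN and credentials (assumed); replace with your own.
    return new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'app_password', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,   // real server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

function postString(string $key): string
{
    // Reject arrays such as username[]=x instead of casting them to "Array".
    $v = $_POST[$key] ?? '';
    return is_string($v) ? $v : '';
}

/** True when $password matches the stored hash; rows still holding an md5 digest are upgraded in place. */
function passwordMatches(PDO $pdo, array $row, string $password): bool
{
    $stored = (string) $row['password'];
    if (preg_match('/^[a-f0-9]{32}$/', $stored) === 1) {
        // Transitional path for the old unsalted md5 column values.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        $upd = $pdo->prepare('UPDATE usr_users SET password = :p WHERE id = :id');
        $upd->execute([':p' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
        return true;
    }
    return password_verify($password, $stored);
}

/**
 * Returns ['status' => 'ok'|'banned'|'invalid', 'user' => row|null].
 * Unknown user and wrong password both yield 'invalid' so the page never
 * confirms which usernames exist; 'banned' is returned only after the
 * password has verified, so the flag is not exposed to password guessers.
 */
function authenticate(PDO $pdo, string $username, string $password): array
{
    $stmt = $pdo->prepare(
        'SELECT id, username, password, email, credits, ban FROM usr_users WHERE username = :u LIMIT 1'
    );
    $stmt->execute([':u' => $username]);   // bound parameter: no string interpolation
    $row = $stmt->fetch();

    if ($row === false || !passwordMatches($pdo, $row, $password)) {
        return ['status' => 'invalid', 'user' => null];
    }
    if ((int) $row['ban'] === 1) {
        return ['status' => 'banned', 'user' => null];
    }
    return ['status' => 'ok', 'user' => $row];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = trim(postString('username'));
    $password = postString('password');

    if ($username === '' || $password === '') {
        $msg = 'Username and password must not be blank.';
    } else {
        $pdo   = db();
        $login = authenticate($pdo, $username, $password);
        if ($login['status'] === 'ok') {
            $user = $login['user'];
            session_regenerate_id(true);   // fresh session id on login (session fixation defence)
            $_SESSION['id']       = $user['id'];
            $_SESSION['username'] = $user['username'];
            $_SESSION['email']    = $user['email'];
            $_SESSION['credits']  = $user['credits'];
            $pdo->prepare('UPDATE usr_users SET ultimo_log = NOW() WHERE id = :id')
                ->execute([':id' => $user['id']]);
            header('Location: index.php');
            exit;
        }
        $msg = $login['status'] === 'banned' ? 'Account banned.' : 'Incorrect username or password.';
    }

    echo '<div class="right">' . htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . '</div>';
}
```

The password column must be wide enough for password_hash() output (VARCHAR(255)); rows that still contain a 32-character md5 digest are verified the old way once and rewritten with a proper hash, so existing accounts migrate on their next successful login without a bulk reset.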
0

You can take the result returned from mysql, look up the ban index, and write an if that checks whether the user is banned in order to perform an action.

         if($row[0]['ban'] === '1'){
            echo 'user is banned and cannot log in.';
         }
24.07.2015 / 13:39